[PATCH 1/4] auth: Add KbdintResult definition to define result values explicitly

Marco Trevisan <marco@xxxxxxxxxx> · Thu, 13 Feb 2025 17:22:06 +0100

From: Marco Trevisan (Treviño) <mail@xxxxxxxxx>

kbdint result vfunc may return various values, so use an enum to make it
clearer what each result means without having to dig into the struct
documentation.
---
 auth-bsdauth.c |  2 +-
 auth-pam.c     | 10 +++++-----
 auth.h         |  5 +++++
 auth2-chall.c  |  4 ++--
 4 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index d124e994e..ca41735de 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -111,7 +111,7 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses)
 	authctxt->as = NULL;
 	debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
 
-	return (authok == 0) ? -1 : 0;
+	return (authok == 0) ? KbdintResultFailure : KbdintResultSuccess;
 }
 
 static void
diff --git a/auth-pam.c b/auth-pam.c
index 13c0a792e..5dfa69202 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -990,15 +990,15 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 	switch (ctxt->pam_done) {
 	case 1:
 		sshpam_authenticated = 1;
-		return (0);
+		return KbdintResultSuccess;
 	case 0:
 		break;
 	default:
-		return (-1);
+		return KbdintResultFailure;
 	}
 	if (num != 1) {
 		error("PAM: expected one response, got %u", num);
-		return (-1);
+		return KbdintResultFailure;
 	}
 	if ((buffer = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
@@ -1015,10 +1015,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 	}
 	if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, buffer) == -1) {
 		sshbuf_free(buffer);
-		return (-1);
+		return KbdintResultFailure;
 	}
 	sshbuf_free(buffer);
-	return (1);
+	return KbdintResultAgain;
 }
 
 static void
diff --git a/auth.h b/auth.h
index 98bb23d4c..aba6e775d 100644
--- a/auth.h
+++ b/auth.h
@@ -51,6 +51,7 @@ struct sshauthopt;
 typedef struct Authctxt Authctxt;
 typedef struct Authmethod Authmethod;
 typedef struct KbdintDevice KbdintDevice;
+typedef int KbdintResult;
 
 struct Authctxt {
 	sig_atomic_t	 success;
@@ -115,6 +116,10 @@ struct Authmethod {
 	int	(*userauth)(struct ssh *, const char *);
 };
 
+#define KbdintResultFailure -1
+#define KbdintResultSuccess 0
+#define KbdintResultAgain 1
+
 /*
  * Keyboard interactive device:
  * init_ctx	returns: non NULL upon success
diff --git a/auth2-chall.c b/auth2-chall.c
index 021df8291..047d4e83c 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -331,11 +331,11 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
 	free(response);
 
 	switch (res) {
-	case 0:
+	case KbdintResultSuccess:
 		/* Success! */
 		authenticated = authctxt->valid ? 1 : 0;
 		break;
-	case 1:
+	case KbdintResultAgain:
 		/* Authentication needs further interaction */
 		if (send_userauth_info_request(ssh) == 1)
 			authctxt->postponed = 1;
-- 
2.34.1

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev







